<%#
kind: provision
name: Kickstart default
model: ProvisioningTemplate
oses:
- CentOS
- Fedora
- RedHat
%>
<%#
This template accepts the following parameters:
- lang: string (default="en_US.UTF-8")
- selinux-mode: string (default="enforcing")
- keyboard: string (default="us")
- time-zone: string (default="UTC")
- http-proxy: string (default="")
- http-proxy-port: string (default="")
- force-puppet: boolean (default=false)
- enable-epel: boolean (default=true)
- enable-puppetlabs-repo: boolean (default=false)
- enable-puppetlabs-puppet5-repo: boolean (default=false)
- enable-puppetlabs-puppet6-repo: boolean (default=false)
- salt_master: string (default=undef)
- ntp-server: string (default=undef)
- bootloader-append: string (default="nofb quiet splash=quiet")
- disable-firewall: boolean (default=false)
- package_upgrade: boolean (default=true)
- disable-uek: boolean (default=false)
- use-ntp: boolean (default depends on OS release)
- fips_enabled: boolean (default=false)

Reference links:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s1-kickstart2-options
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user
%>

# This kickstart file was rendered from the Foreman provisioning template "<%= @template_name %>".

<%
  rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
  is_fedora = @host.operatingsystem.name == 'Fedora'
  os_major = @host.operatingsystem.major.to_i
  os_minor = @host.operatingsystem.minor.to_i
  realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
  # safemode renderer does not support unary negation
  pm_set = @host.puppetmaster.empty? ? false : true
  proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
  proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
  puppet_enabled = pm_set || host_param_true?('force-puppet')
  salt_enabled = host_param('salt_master') ? true : false
  chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
  section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
  use_ntp = host_param_true?('use-ntp') || (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 7)
  iface = @host.provision_interface
-%>

<% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
install
<% end -%>
<%
if host_param('kickstart_liveimg')
  img_name = host_param('kickstart_liveimg')
  liveimg_url = if host_param('kt_activation_keys')
    repository_url(img_name, 'isos')
  else
    if img_name.match(%r|^([\w\-\+]+)://|)
      img_name
    else
      "#{medium_uri}/#{img_name}"
    end
  end
%>
liveimg --url=<%= liveimg_url %> <%= proxy_string %>
<% else %>
<%= @mediapath %><%= proxy_string %>
<% @additional_media.each do |medium| -%>
<% if rhel_compatible && @host.operatingsystem.name.downcase.include?("centos") && os_major >= 8 && medium[:url] && medium[:url].include?("AppStream") -%>
# renamed from "<%= medium[:url] %>" for CentOS Anaconda to work
repo --name AppStream --baseurl <%= medium[:url] %>
<% else -%>
repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
<% end -%>
<% end -%>
<%= snippet_if_exists(template_name + " custom repositories") %>
<% end %>
lang <%= host_param('lang') || 'en_US.UTF-8' %>
selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
keyboard <%= host_param('keyboard') || 'us' %>
skipx

<%
  network_options = []
  nameservers = []
  subnet4 = iface.subnet
  subnet6 = iface.subnet6

  # device and hostname
  network_options.push("--device=#{iface.mac || iface.identifier}")
  network_options.push("--hostname #{@host.name}")

  # single stack
  if subnet4 && !subnet6
    network_options.push("--noipv6")
  elsif !subnet4 && subnet6
    network_options.push("--noipv4")
  end

  # dual stack MTU check
  raise("IPv4 and IPv6 subnets have different MTU") if subnet4 && subnet6 && subnet4.mtu.present? && subnet6.mtu.present? && subnet4.mtu != subnet6.mtu

  # IPv4
  if (subnet4 && !subnet4.dhcp_boot_mode?) || @static
    network_options.push("--bootproto static")
    network_options.push("--ip=#{iface.ip}")
    network_options.push("--netmask=#{subnet4.mask}")
    network_options.push("--gateway=#{subnet4.gateway}")
  elsif subnet4 && subnet4.dhcp_boot_mode?
    network_options.push("--bootproto dhcp")
  end
  if subnet4
    nameservers.concat(subnet4.dns_servers)
    network_options.push("--mtu=#{subnet4.mtu}") if subnet4.mtu.present?
  end

  # IPv6
  if rhel_compatible && os_major >= 6
    if (subnet6 && !subnet6.dhcp_boot_mode?) || @static6
      network_options.push("--ipv6=#{iface.ip6}/#{subnet6.cidr}")
      network_options.push("--ipv6gateway=#{subnet6.gateway}")
    elsif subnet6 && subnet6.dhcp_boot_mode?
      if host_param_true?('use-slaac')
        network_options.push("--ipv6 auto")
      else
        network_options.push("--ipv6 dhcp")
      end
    end
    if subnet6
      nameservers.concat(subnet6.dns_servers)
      network_options.push("--mtu=#{subnet6.mtu}") if subnet6.mtu.present?
    end
  end

  # bond
  if iface.bond? && rhel_compatible && os_major >= 6
    network_options.push("--bondslaves=#{iface.attached_devices_identifiers}")
    network_options.push("--bondopts=mode=#{iface.mode};#{iface.bond_options.tr(' ', ';')}")
  end

  # VLAN (only on physical is recognized)
  if iface.virtual? && iface.tag.present? && iface.attached_to.present?
    if rhel_compatible && os_major == 6
      network_options.push("--vlanid=#{iface.tag}")
    else
      network_options.push("--interfacename=vlan#{iface.tag}")
    end
  end

  # DNS
  if nameservers.size > 0
    network_options.push("--nameserver=#{nameservers.join(',')}")
  else
    network_options.push("--nodns")
  end
-%>
network <%= network_options.join(' ') %>

rootpw --iscrypted <%= root_pass %>
<% if host_param_true?('disable-firewall') -%>
firewall --disable
<% else -%>
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
<% end -%>
<% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% else -%>
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
<% end -%>
<% if use_ntp -%>
timezone --utc <%= host_param('time-zone') || 'UTC' %>
<% else -%>
timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>
<% end -%>

<% if rhel_compatible -%>
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
<% end -%>

<% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
# One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
repo --name="Server-Mysql"
<% end -%>

<% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
# Bootloader exception for Fedora 16:
bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= @grub_pass %>
part biosboot --fstype=biosboot --size=1
<% else -%>
bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= @grub_pass %>
<% if os_major == 5 -%>
key --skip
<% end -%>
<% end -%>

<% if @dynamic -%>
%include /tmp/diskpart.cfg
<% else -%>
<%= @host.diskLayout %>
<% end -%>

text
reboot

%packages
<%= snippet_if_exists(template_name + " custom packages") %>
yum
dhclient
<% if use_ntp -%>
ntp
-chrony
<% else -%>
chrony
-ntp
<% end -%>
wget
@Core
<% if os_major >= 6 -%>
redhat-lsb-core
<% end -%>
<% if host_param_true?('fips_enabled') -%>
<%=   snippet 'fips_packages' %>
<% end -%>
<%= section_end -%>

<% if @dynamic -%>
%pre
<%= snippet_if_exists(template_name + " custom pre") %>
<%= @host.diskLayout %>
<%= section_end -%>
<% end -%>

%post --nochroot
exec < /dev/tty3 > /dev/tty3
#changing to VT 3 so that we can see whats going on....
/usr/bin/chvt 3
(
cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
/usr/bin/chvt 1
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
<%= section_end -%>

<%#
Main post script, if it fails the last post is still executed.
%>
%post --log=/root/install.post.log
logger "Starting anaconda <%= @host %> postinstall"
exec < /dev/tty3 > /dev/tty3
#changing to VT 3 so that we can see whats going on....
/usr/bin/chvt 3
<%= snippet_if_exists(template_name + " custom post") %>
<%= snippet 'kickstart_networking_setup' %>

<%= snippet 'ntp' %>

<%= snippet 'yum_proxy' %>

<% if rhel_compatible && !host_param_false?('enable-epel') -%>
<%= snippet 'epel' -%>
<% end -%>

<%= snippet 'redhat_register' %>

<% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
<%= snippet 'freeipa_register' %>
<% end -%>

<% unless host_param_false?('package_upgrade') -%>
# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
  dnf -y update
else
  yum -t -y update
fi
<% end -%>

<%= snippet('remote_execution_ssh_keys') %>

<%= snippet "blacklist_kernel_modules" %>

<% if chef_enabled %>
<%= snippet 'chef_client' %>
<% end -%>

<% if puppet_enabled %>
<% if host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet6-repo')|| host_param_true?('enable-puppetlabs-puppet5-repo') -%>
<%= snippet 'puppetlabs_repo' %>
<% end -%>
<%= snippet 'puppet_setup' %>
<% end -%>

<% if salt_enabled %>
<%= snippet 'saltstack_setup' %>
<% end -%>

<% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
# Uninstall the Oracle Unbreakable Kernel packages
yum -t -y remove kernel-uek*
sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
<% end -%>

<%= snippet('ansible_provisioning_callback') %>

<%= snippet 'efibootmgr_netboot' %>

touch /tmp/foreman_built
<%= section_end -%>

<%#
The last post section halts Anaconda to prevent endless loop
%>
<% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
%post
<% else -%>
%post --erroronfail
<% end -%>

<% if @host.respond_to?(:bootdisk_build?) && @host.bootdisk_build? %>
eject -v
<% end -%>

if test -f /tmp/foreman_built; then
  echo "calling home: build is done!"
  <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
else
  echo "calling home: build failed!"
  <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
fi

sync
<%= section_end -%>
